Re: Error starting any Debian installation (on an AMD SEV enabled KVM)
Yes, unfortunately, this is necessary to use SEV. Please take a look at these instructions. https://libvirt.org/kbase/launch_security_sev.html https://developer.amd.com/sev/ The settings memtune, uefi, iommu are required to use launchSecurity = sev The use for secured KVM using AMD Secure Encrypted Virtualization (SEV) is unfortunately not mentioned in your link. I showed you how to create a KVM and boot it to an Ubuntu or Centos image. It works that way but not with Debian. The question that arises is what is different about the other images than Debian Images. If you want I can of course also test other OS. with --location http://deb.debian.org/debian/dists/buster/main/installer-amd64/ I cannot boot with sev on — this only works without launchSecurity sev virsh destroy buster-amd64 ; virsh undefine buster-amd64 --nvram virt-install --virt-type kvm --name buster-amd64 \ --boot uefi \ --location http://deb.debian.org/debian/dists/buster/main/installer-amd64/ \ --network network=ovs-test,model=virtio,driver.iommu=on \ --os-variant debian10 \ --graphics vnc,keymap=de,password='testing passwd' \ --video=cirrus \ --disk size=20 --memory 4096 \ --memtune hard_limit=4563402 \ --launchSecurity sev Best, Daniel > There is no need to PM me. I am subscribed to the mailinglist. > > > On Tue, Aug 10, 2021 at 02:06:04PM +0200, Office onFocus wrote: >> these are my iso files: >> > [...] > >> wget >> https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-10.10.0-amd64-netinst.iso >> wget >> https://get.debian.org/cdimage/weekly-builds/amd64/iso-cd/debian-testing-amd64-netinst.iso >> > Those should do. > > [...] > > >> >> >> ## Testing DEBIAN >> >> This Debian 10 test is NOT successful. You can boot the ISO and select any OS >> from the GRUB menu. For example "Debian Installer". >> >> Debian GNU/Linux Live (kernel 4.19.0-17-amd64) >> Debian Live with Localisation Support >> Graphical Debian Installer >> *Debian Installer >> Debian Installer with Speech Synthesis >> >> The kernel should be loaded, but the KVM reboots and you are back in the >> GRUB menu :( >> >> >> >> The KVM creation is identical to Ubuntu except for the iso file and the >> os-variant parameter, >> but the setting of the os-variant parameter has no effect. >> >> --- >> root@server:/var/lib/libvirt/images# virsh destroy sev-test; virsh undefine >> sev-test --nvram >> s \ >> --launchSecurity sev >> >> >> Domain 'sev-test' destroyed >> >> Domain 'sev-test' has been undefined >> >> root@server:/var/lib/libvirt/images# rm /var/lib/libvirt/images/sev-test* >> /var/lib/libvirt/qemu/nvram/sev-test_VARS.fd >> rm: cannot remove '/var/lib/libvirt/qemu/nvram/sev-test_VARS.fd': No such >> file or directory >> root@server:/var/lib/libvirt/images# qemu-img create -f qcow2 >> /var/lib/libvirt/images/sev-test.qcow2 20G >> Formatting '/var/lib/libvirt/images/sev-test.qcow2', fmt=qcow2 >> cluster_size=65536 extended_l2=off compression_type=zlib size=21474836480 >> lazy_refcounts=off refcount_bits=16 >> root@server:/var/lib/libvirt/images# >> root@server:/var/lib/libvirt/images# virt-install \ >>> --name sev-test \ >>> --memory 4096 \ >>> --memtune hard_limit=4563402 \ >>> --boot uefi \ >>> --disk >>> /var/lib/libvirt/images/debian-live-10.10.0-amd64-standard.iso,device=cdrom >>> \ >>> --disk /var/lib/libvirt/images/sev-test.qcow2,device=disk,bus=scsi \ >>> --os-type linux \ >>> --os-variant debian10 \ >>> --import \ >>> --controller type=scsi,model=virtio-scsi,driver.iommu=on \ >>> --controller type=virtio-serial,driver.iommu=on \ >>> --memballoon driver.iommu=on \ >>> --graphics vnc,keymap=de,password='test passwd' \ >>> --network network=ovs-test,model=virtio,driver.iommu=on \ >>> --video=cirrus \ >>> --launchSecurity sev >> WARNING Graphics requested but DISPLAY is not set. Not running virt-viewer. >> WARNING No console to launch for the guest, defaulting to --wait -1 >> >> Starting install... >> >> Domain is still running. Installation may be in progress. >> Waiting for the installation to complete. >> --- >> > > Is there a reason why you do it this way and you use all these > options? Or is this just something you found on google? > > Please try a much simpler approach for testing debian: > > virt-install --virt-type kvm --name buster-amd64 \ > --location http://deb.debian.org/debian/dists/buster/main/installer-amd64/ \ > --os-variant debian10 \ > --disk size=20 --memory 4096 > > This is btw. from the debian wiki (https://wiki.debian.org/KVM) > > -H > > > -- > Henning Follmann | hfollm...@itcfollmann.com >
Re: Error starting any Debian installation (on an AMD SEV enabled KVM)
There is no need to PM me. I am subscribed to the mailinglist. On Tue, Aug 10, 2021 at 02:06:04PM +0200, Office onFocus wrote: > these are my iso files: > [...] > wget > https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-10.10.0-amd64-netinst.iso > wget > https://get.debian.org/cdimage/weekly-builds/amd64/iso-cd/debian-testing-amd64-netinst.iso > Those should do. [...] > > > ## Testing DEBIAN > > This Debian 10 test is NOT successful. You can boot the ISO and select any OS > from the GRUB menu. For example "Debian Installer". > > Debian GNU/Linux Live (kernel 4.19.0-17-amd64) > Debian Live with Localisation Support > Graphical Debian Installer > *Debian Installer > Debian Installer with Speech Synthesis > > The kernel should be loaded, but the KVM reboots and you are back in the GRUB > menu :( > > > > The KVM creation is identical to Ubuntu except for the iso file and the > os-variant parameter, > but the setting of the os-variant parameter has no effect. > > --- > root@server:/var/lib/libvirt/images# virsh destroy sev-test; virsh undefine > sev-test --nvram > s \ > --launchSecurity sev > > > Domain 'sev-test' destroyed > > Domain 'sev-test' has been undefined > > root@server:/var/lib/libvirt/images# rm /var/lib/libvirt/images/sev-test* > /var/lib/libvirt/qemu/nvram/sev-test_VARS.fd > rm: cannot remove '/var/lib/libvirt/qemu/nvram/sev-test_VARS.fd': No such > file or directory > root@server:/var/lib/libvirt/images# qemu-img create -f qcow2 > /var/lib/libvirt/images/sev-test.qcow2 20G > Formatting '/var/lib/libvirt/images/sev-test.qcow2', fmt=qcow2 > cluster_size=65536 extended_l2=off compression_type=zlib size=21474836480 > lazy_refcounts=off refcount_bits=16 > root@server:/var/lib/libvirt/images# > root@server:/var/lib/libvirt/images# virt-install \ > > --name sev-test \ > > --memory 4096 \ > > --memtune hard_limit=4563402 \ > > --boot uefi \ > > --disk > > /var/lib/libvirt/images/debian-live-10.10.0-amd64-standard.iso,device=cdrom > > \ > > --disk /var/lib/libvirt/images/sev-test.qcow2,device=disk,bus=scsi \ > > --os-type linux \ > > --os-variant debian10 \ > > --import \ > > --controller type=scsi,model=virtio-scsi,driver.iommu=on \ > > --controller type=virtio-serial,driver.iommu=on \ > > --memballoon driver.iommu=on \ > > --graphics vnc,keymap=de,password='test passwd' \ > > --network network=ovs-test,model=virtio,driver.iommu=on \ > > --video=cirrus \ > > --launchSecurity sev > WARNING Graphics requested but DISPLAY is not set. Not running virt-viewer. > WARNING No console to launch for the guest, defaulting to --wait -1 > > Starting install... > > Domain is still running. Installation may be in progress. > Waiting for the installation to complete. > --- > Is there a reason why you do it this way and you use all these options? Or is this just something you found on google? Please try a much simpler approach for testing debian: virt-install --virt-type kvm --name buster-amd64 \ --location http://deb.debian.org/debian/dists/buster/main/installer-amd64/ \ --os-variant debian10 \ --disk size=20 --memory 4096 This is btw. from the debian wiki (https://wiki.debian.org/KVM) -H -- Henning Follmann | hfollm...@itcfollmann.com
Re: Error starting any Debian installation (on an AMD SEV enabled KVM)
On Mon, Aug 09, 2021 at 02:04:49PM +0200, Office onFocus wrote: > I cannot start an installation of a debian * .iso (install, live, ..) from > any installation medium. > > This problem affects all Debian images. There are no problems with Ubuntu or > CentOS! As soon as you > boot the ISO and click Install, there is no error message and the boot > process begins again (loop). How did you create your installation media? > > This problem has been around for a long time, and it only occurred to me now > that it only affects Debian. For testing I recommend the tutorial > https://docs.ovh.com/asia/en/dedicated/enable-and-use-amd-sme-sev/ > > Server: buster / sid > Libvirt: 7.0.0-3 > qemu: 1: 5.2 + dfsg-11 > > I hope you can help me soon so that I can install a KVM (sev) with Debian. I assume you want to create a KVM image? How do you try to start the instance for installation? (Please list the complete line for running kvm) -H -- Henning Follmann | hfollm...@itcfollmann.com
Error starting any Debian installation (on an AMD SEV enabled KVM)
I cannot start an installation of a debian * .iso (install, live, ..) from any installation medium. This problem affects all Debian images. There are no problems with Ubuntu or CentOS! As soon as you boot the ISO and click Install, there is no error message and the boot process begins again (loop). This problem has been around for a long time, and it only occurred to me now that it only affects Debian. For testing I recommend the tutorial https://docs.ovh.com/asia/en/dedicated/enable-and-use-amd-sme-sev/ Server: buster / sid Libvirt: 7.0.0-3 qemu: 1: 5.2 + dfsg-11 I hope you can help me soon so that I can install a KVM (sev) with Debian.
